Bug fix: If the allocation of a socket failed and we
freed the inpcb, it was possible to not set the proper flags on the pcb (i.e. the socket is not there). This is HIGHLY unlikely since no one else should be able to find the socket.. but for consistency we do the proper loop thing to make sure that we mark the socket as gone on the PCB.
This commit is contained in:
parent
d3e5c802a9
commit
e34b217f91
@ -551,6 +551,7 @@ sctp_attach(struct socket *so, int proto, struct thread *p)
|
||||
sctp_log_closing(inp, NULL, 17);
|
||||
#endif
|
||||
if (error != 0) {
|
||||
try_again:
|
||||
flags = inp->sctp_flags;
|
||||
if (((flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) &&
|
||||
(atomic_cmpset_int(&inp->sctp_flags, flags, (flags | SCTP_PCB_FLAGS_SOCKET_GONE | SCTP_PCB_FLAGS_CLOSE_IP)))) {
|
||||
@ -561,7 +562,12 @@ sctp_attach(struct socket *so, int proto, struct thread *p)
|
||||
sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT,
|
||||
SCTP_CALLED_AFTER_CMPSET_OFCLOSE);
|
||||
} else {
|
||||
SCTP_INP_WUNLOCK(inp);
|
||||
flags = inp->sctp_flags;
|
||||
if ((flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) {
|
||||
goto try_again;
|
||||
} else {
|
||||
SCTP_INP_WUNLOCK(inp);
|
||||
}
|
||||
}
|
||||
return error;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user